This Privacy Policy explains how Deroom AI (“Deroom AI”, “we”, “us”) collects, uses, shares, and protects information when you visit deroomai.com or otherwise use the Deroom AI service (the “Service”). It applies to all users of the Service and is intended to satisfy the disclosure requirements of the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar privacy laws.
1. Who We Are
Deroom AI provides AI-assisted interior, exterior, and landscape redesign. For the purposes of EU/UK data-protection law, Deroom AI is the data controller for the personal information described in this Policy. You can contact us about privacy at support@deroomai.com.
2. Information We Collect
2.1 Information you provide
- Account information. When you sign in with Google, your identity provider shares your email address, name, and profile picture URL with us. We do not receive your Google password.
- Uploaded content. Photographs and any prompts or preferences you submit to generate a redesign.
- Communications. If you email us, we receive your message and any attachments, and we keep a record of the conversation so we can help you.
2.2 Information we generate
- Generated images. Outputs produced by the Service in response to your inputs.
- Account state. Your subscription plan, credit balance, generation history, and usage timestamps.
2.3 Information collected automatically
- Device and log data. IP address, browser type and version, operating system, referring page, the pages you view, and the actions you take. We use this to operate the Service, prevent abuse, and diagnose problems.
- Cookies and similar technologies. See Section 7 below.
2.4 Information from payment processors
When you subscribe to a paid plan, payment is processed by PayPal. We do not see or store your full payment-card information. PayPal shares with us a transaction identifier, your subscription status, and limited billing metadata (such as country and currency). PayPal processes payment information under its own privacy policy.
3. How We Use Your Information
We use the information described above to:
- provide and operate the Service, including authenticating you, processing your uploads, and returning generated designs;
- charge subscription fees, manage your plan, and respond to refund requests;
- communicate with you about your account, billing, security, and material changes to the Service;
- detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms;
- understand how the Service is used so we can improve it (this analysis is performed on aggregated, de-identified data wherever possible);
- comply with applicable law and respond to lawful requests from public authorities.
We do not use your uploaded photos or generated images to train publicly released foundation models, and we do not sell your personal information.
3.1 Legal bases (EU/UK users)
If you are in the EU, UK, or another GDPR jurisdiction, we rely on:
- Performance of a contract — to provide the Service you asked for and to bill you for it;
- Legitimate interests — to keep the Service secure, prevent abuse, debug issues, and improve the product, balanced against your privacy interests;
- Consent — for non-essential cookies and any other purpose that strictly requires consent under applicable law;
- Legal obligation — where we must process information to comply with a law that applies to us.
4. AI Processing of Your Photos
Generative AI is a core part of the Service. When you upload a photo and start a generation:
- your photo and selected parameters are transmitted to one or more third-party AI infrastructure providers that perform model inference on our behalf;
- those providers process the inputs only as needed to return a result and are contractually required to act as our processors and not to use the inputs for their own purposes (including independent model training);
- we receive the generated image back, store it on our content-delivery infrastructure, and link it to your account so you can download or revisit it.
Specific AI providers may change as we improve the Service. We will keep this Policy reasonably up to date and will not introduce a provider that uses your uploads to train its public models without first updating this Policy and, where required, obtaining your consent.
5. How We Share Information
We share personal information only with:
- Service providers / processors who help us run the Service, including hosting and content delivery, AI infrastructure, error monitoring, analytics, transactional email, and customer-support tooling. They may process your information only as instructed by us and under written agreements that require appropriate confidentiality and security.
- Identity and payment partners, namely Google (sign-in) and PayPal (payments), to authenticate you and to handle subscription billing.
- Authorities and others when we reasonably believe disclosure is required by law, to enforce our Terms, to protect the rights, property, or safety of Deroom AI or others, or in connection with a merger, acquisition, or sale of assets (in which case we will provide notice before personal information becomes subject to a different privacy policy).
We do not sell or rent your personal information, and we do not share it for cross-context behavioral advertising.
6. Data Retention
We retain personal information for as long as it is needed to provide the Service or to comply with our legal obligations. In practice:
- Account data is retained while your account is active.
- Uploaded photos and generated images are retained while your account is active or until you delete them. After account deletion, we remove them from our primary systems within 30 days; encrypted backups may retain copies for a limited additional period before they are overwritten.
- Billing records may be retained for up to 7 years where required by tax or accounting law.
- Logs and security data are retained for a limited rolling window (typically up to 12 months) for fraud prevention and debugging.
7. Cookies and Similar Technologies
We use a small number of cookies and similar technologies:
- Strictly necessary — to keep you signed in, remember your preferences within a session, and protect against cross-site request forgery. These cannot be disabled without breaking the Service.
- Analytics — privacy-respecting analytics that help us understand which pages and features are used. Where required, we ask for your consent before setting non-essential analytics cookies.
You can clear cookies and block them in your browser settings; doing so may affect your ability to stay signed in.
8. Your Privacy Rights
Depending on where you live, you may have the right to:
- access the personal information we hold about you and receive a copy in a portable format;
- correct inaccurate or incomplete information;
- delete your information, subject to limited legal exceptions;
- object to or restrict certain processing, including processing based on legitimate interests;
- withdraw any consent you have given, without affecting processing already performed;
- not be discriminated against for exercising these rights (CCPA/CPRA);
- lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@deroomai.com from the address associated with your account. We will respond within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before fulfilling certain requests.
9. International Transfers
Deroom AI is a global service. Your information may be processed in countries other than the one in which you live, including jurisdictions whose data-protection laws differ from yours. Where we transfer personal information out of the EEA, the UK, or another region with cross-border transfer rules, we rely on legally recognized transfer mechanisms (such as the EU Standard Contractual Clauses) and apply appropriate safeguards.
10. Security
We use technical and organizational measures intended to protect personal information from accidental loss and unauthorized access, alteration, or disclosure. These include encryption in transit, access controls, secrets management, and audit logging. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a breach that affects you, we will notify you and the relevant authorities as required by law.
11. Children
The Service is not directed to children under 13 (or under 16 in jurisdictions with a higher digital-consent age). We do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact support@deroomai.com and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top of this page reflects the latest revision. If we make a material change, we will provide reasonable advance notice (for example, by email or by posting a notice on the Service) before the change takes effect.
13. Contact
Questions, requests, or complaints about this Privacy Policy can be sent to support@deroomai.com.